Coordinated Attack
Here is a weak attack on the full sealer.
There are two conspirators, X and Y.
- X holds an unsealer U.
- Y holds box B which holds b which X wants.
- Y wants to help x get b.
- X and Y can communicate but only integers to each other.
X and Y each report the booty.
In regard to sealer logic we have often said that you need both unsealer and a sealed box to get the innards.
No one had both and the limited communications channel between them should have prevented the conspiracy.
If only the sealer code could invoke a sealed box all would be well.
Perhaps OCaml’s module system can fix this, but I am not confident.
This pattern is still useful but I need to think thru the ramifications of this attack.
It seems limiting to assume that all holders of an unsealer have the same goals.
Just now (2016 June 19) I see no use of sealers that Stiegler’s pattern does not provide.
A note